Xst3nZ

5 exploits, active since Apr 2007
CVE-2007-2000 EXPLOITDB text WRITEUP
Crea-Book < 1.0 - SQL Injection via Pseudo or Passe Parameter
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
CVE-2007-1895 EXPLOITDB text WRITEUP
MySpeach < 3.0.7 - Remote File Inclusion via my_ms[root] Cookie
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
EIP-2026-117700 EXPLOITDB c WORKING POC
Norman Security Suite 8 - 'nprosec.sys' Local Privilege Escalation
CVE-2007-1896 EXPLOITDB text WRITEUP
Sky GUNNING MySpeach <= 3.0.7 - Directory Traversal via my_ms[root] Cookie
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
CVE-2007-2001 EXPLOITDB text WRITEUP
Crea-Book < 1.0 - Authenticated PHP Code Injection via Admin Configuration Fields
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.